Windows XP DLL loading vulnerability

Description

Security researcher Haifei Li of FortiGuard Labs
reported that Firefox could be used to load a malicious code library
that had been planted on a victim's computer. Firefox attempts to
load dwmapi.dll upon startup as part of its platform detection, so on
systems that don't have this library, such as Windows XP, Firefox will
subsequently attempt to load the library from the current working
directory. An attacker could use this vulnerability to trick a user
into downloading a HTML file and a malicious copy of dwmapi.dll into
the same directory on their computer and opening the HTML file with
Firefox, thus causing the malicious code to be executed. If the
attacker was on the same network as the victim, the malicious DLL
could also be loaded via a UNC path. This DLL is only loaded at
startup so a successful attack requires that Firefox not currently
be running when it is asked to open the HTML
file and accompanying DLL.

This issue was also independently reported to Mozilla
by Acros Security. After the issue became public a
number of other community members contacted Mozilla to report the
issue.

Firefox users on Windows Vista or Windows 7
were not vulnerable to this attack because dwmapi.dll is part
of the OS in Vista and later versions and the legitimate copy
is successfully loaded by
Firefox before attempting to load the planted DLL.